/*
 * To change this template, choose Tools | Templates
 * and open the template in the editor.
 */
package edu.chl.angholt.bookproject;

import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import edu.chl.angholt.bookproject.db.*;
import edu.chl.angholt.bookproject.db.entity.*;

/**
 *
 * @author Lobna
 * Servlet to handle login, logout and registration
 */
@WebServlet(name = "LoginServlet", urlPatterns = {"/LoginServlet"})
public class LoginServlet extends HttpServlet {

    /** 
     * Processes requests for both HTTP <code>GET</code> and <code>POST</code> methods.
     * @param request servlet request
     * @param response servlet response
     * @throws ServletException if a servlet-specific error occurs
     * @throws IOException if an I/O error occurs
     */
    protected void processRequest(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        try {
            UserJpaCtrl userCtrl = Database.getUserController();
            String action = request.getParameter("action");

            if (action != null) {
                //register button event
                if (action.equals("registerbtn")) {
                    String name = request.getParameter("registername");
                    if (name != null) {

                        if (userCtrl.doesEmailExist(name) || name.length() < 5) { //User already exists or supplied name is too short
                            response.sendRedirect("register.jspx");

                        } else {    //OK, create user
                            userCtrl.create(new User(null, "active", name, request.getParameter("registerpasswd").hashCode()));
                            response.sendRedirect("login.jspx");
                        }
                    } else { //User is null
                        response.sendRedirect("register.jspx");
                    }

                } // login button event
                else if (action.equals("loginbtn")) {
                    String name = request.getParameter("loginname");
                    String password = request.getParameter("loginpasswd");
                    //Fields aren't null
                    if (name != null && password != null) {
                        if (!name.equals("admin")) {
                            //Check that the username is registered
                            if (userCtrl.doesEmailExist(name)) {

                                User user = userCtrl.getUser(name);
                                //Check that password is correct
                                if (user.getHash() == password.hashCode()) {
                                    request.getSession().setAttribute("user", user);
                                    request.getRequestDispatcher("WEB-INF/jsp/mypage.jspx").forward(request, response);


                                } else {    //Wrong password
                                    response.sendRedirect("login.jspx");

                                }
                            } else {    //Unregistered user
                                response.sendRedirect("login.jspx");
                            }
                        } else {
                            response.sendRedirect("home.jspx");
                        }
                    } else {        //One or more fields are blank
                        response.sendRedirect("login.jspx");
                    }
                } else if (action.equals("logout")) {
                    request.getSession().invalidate();
                    response.sendRedirect("home.jspx");
                } else if (action.equals("adminbtn")) {
                    String name = request.getParameter("adminname");
                    String pwd = request.getParameter("adminpasswd");
                    if (name != null && pwd != null) {
                        //Check that the username is registered
                        if (userCtrl.doesEmailExist(name)) {
                            User user = userCtrl.getUser(name);
                            //Check that password is correct
                            if (user.getHash() == pwd.hashCode()) {
                                request.getSession().setAttribute("user", user);
                                request.getRequestDispatcher("WEB-INF/jsp/adminpage.jspx").forward(request, response);

                            } else {    //Wrong password
                                response.sendRedirect("admin.jspx");
                            }
                        } else {    //Unregistered user
                            response.sendRedirect("admin.jspx");
                        }
                    } else {        //One or more fields are blank
                        response.sendRedirect("admin.jspx");
                    }
                    response.sendRedirect("home.jspx");
                } else {
                    request.getRequestDispatcher("/404.jspx").forward(request, response);
                }
            } else {
                request.getRequestDispatcher("/404.jspx").forward(request, response);
            }



        } catch (Exception e) {
            System.err.println(e.getMessage());
            e.printStackTrace();
            request.getRequestDispatcher("/404.jspx").forward(request, response);
        } finally {
        }
    }

    // <editor-fold defaultstate="collapsed" desc="HttpServlet methods. Click on the + sign on the left to edit the code.">
    /** 
     * Handles the HTTP <code>GET</code> method.
     * @param request servlet request
     * @param response servlet response
     * @throws ServletException if a servlet-specific error occurs
     * @throws IOException if an I/O error occurs
     */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        processRequest(request, response);
    }

    /** 
     * Handles the HTTP <code>POST</code> method.
     * @param request servlet request
     * @param response servlet response
     * @throws ServletException if a servlet-specific error occurs
     * @throws IOException if an I/O error occurs
     */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        processRequest(request, response);
    }

    /** 
     * Returns a short description of the servlet.
     * @return a String containing servlet description
     */
    @Override
    public String getServletInfo() {
        return "Short description";
    }// </editor-fold>
}
